Posts
GoDiego

Hack The Box: Writeup write-up

Learning to look for exploits through manual enumeration, plus a really interesting privilege escalation based on badly configured permissions and cron jobs!

Hack The Box: SwagShop write-up

Really cool box that chains together two different exploits for the Magento CMS followed by a really simple yet amusing way of privilege escalation with vi!

Hack The Box: Luke write-up

Interesting machine focused on enumeration; it also shows how to get JWT tokens. Credentials are the key!

Modular matrices - HarekazeCTF 2019

In this blog post I’ll be explaining how to find the inverse of a modular matrix as I solve one of the crypto challenges from HarekazeCTF 2019. Definitely for those who like math!

AES 128 Padding Attack - CSACTF Crypto: Flag server

Is it a blind SQL injection? Although my Python script output looks like it, it is not. Interesting write-up of a padding attack on AES 128; crypto can be fun!

Hack The Box: FriendZone write-up

Really good machine to learn about DNS; it also includes LFI and Python library poisoning! One of my best ones so far!

Hack The Box: Help write-up

File upload that leads to user and then kernel exploit. Too easy, right?

Hack The Box: Chaos write-up

It was indeed chaos: from WordPress and PDF exploitation with LaTeX to connection with email servers and shell escape. Want to know more?

Hack The Box: Curling write-up

Easy machine, but did you know that Curl had a configuration flag?

X-MAS CTF: Santa's No Password Login System

Blind SQL injection in the user-agent field? Nobody expected that…